From the Trenches of RSA - Be Aware of Your Risks

The RSA Conference is a forum for an industry trying to keep hacktivism, espionage, and money-driven crime syndicates at bay. Walk the floor and you will see how many facets there are to keeping the network secure, so that more than a third of the world's 7 billion people can use their phones, laptops, tablets, smartphones, etc. to connect to the people and information they need to run their lives, businesses and governments.

The reality is that all these users, devices and information are increasingly attractive to people with less than good intentions. Financial gain tends to be the biggest motivator for attackers, however, according to Verizon'sCaseload Review "hactivism" is also on the rise by a mix of criminals, activists and disgruntled employees.

(An interesting side note - a personal record can go for $.07 up to $100 in the underground economy; the ITRC counted 22.9 million records as being exposed in 2011, 81% included social security numbers.)

Regardless of who is perpetrating the attack, the underlying trend is that attacks continue to increase in size, scope and sophistication. There are the innovators, with the attackers developing advanced malware that perpetrates attacks in new and ever-creative ways! There are also the tried and true attacks - the oldies, but goodies so to speak - that have been around for a while, but continue to surface bigger, better and with renewed vigor.

Take DoS attacks, last year, according to Arbor Networks, 40% of Internet Providers who responded to their survey reported DDoS attacks greater than 1 Gbps and 13% reported attacks greater than 10 Gbps. Or the attacks that get stitched together in Advanced Persistent Threats (APTs), where attackers focus on a particular target and spend the time and money to figure out and exploit vulnerabilities. Often these attacks use every trick in the book looking for the weakest link - it's all about persistence because you only ever need one to work. (In the case of last year's well publicized RSA and Epsilon APT breaches, both ended up being the result of fairly low-level spear-phishing attacks.)

So the lesson we, as individuals, can all take away is that we must be vigilant -it's no longer a question of if, but rather when we may experience an attack. The impact of that attack, however, is up to us - whether it can be quickly contained and minimized depends on how aware we are of our environment and how capable we are of responding.

Individuals can protect themselves and their sensitive information through a variety of tactics. Below are just a few:
• Only connect with people you know and trust
• Don't share any information that isn't absolutely necessary
• Be wary of people you don't know asking you for information - less is always best
• Don't click on links from organizations you don't know (in fact, be sure the links from organizations you know are good by going to the organization and confirming what it is they want you to know/do/etc.)
• Don't download apps to your devices unless you can absolutely trust the source
• Don't link too many things together - make sure an exploit in one of your financial accounts can't be used to get to all your others
• Use the security settings in your applications (Windows, Adobe, etc.)
• Use anti-virus, anti-malware, anti-spyware solutions (there are a variety of very reasonable solutions; there are even some free ones - check out BlueCoat's K9)
• Make sure you use strong passwords (combination of letters, numbers and characters)
• Don't sit at Starbucks and access sensitive information (unless you are using some sort of encryption or VPN, etc.) - WiFi hotspots are great, but they are not secure
• If your device supports it, ensure that it encrypts its storage with hardware encryption. In conjunction with a management service or "Find My iPhone," (or similar service) this can allow data to be removed quickly in the event that the device is lost or stolen.
• Set a screensaver timeout for your computer and an idle timeout that will automatically lock your phone when not in use. This also helps prevent unauthorized individuals from gaining access to your data.
• Keep your software up-to-date; while it may be a pain, it ensures the latest patches and fixes are installed on your computer

We all increasingly rely on the network to do everything - it helps us be connected, efficient, productive and impactful, however, it's vital we are aware of the risks and on watch to ensure we can continue to benefit from the power of the network.